From: Mikita Lipski <mikita.lipski@xxxxxxx> Use drm_atomic_get_crtc_state to get the crtc state in case it has been previously freed, that might prevent use-after-free issue. This patch fixes the bugzilla bug: Bug 199425 - BUG: KASAN: use-after-free in drm_atomic_helper_wait_for_flip_done+0x247/0x260 Signed-off-by: Mikita Lipski <mikita.lipski@xxxxxxx> --- drivers/gpu/drm/drm_atomic_helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index e8c2493..e083f85 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -1276,9 +1276,11 @@ void drm_atomic_helper_wait_for_flip_done(struct drm_device *dev, int i; for_each_new_crtc_in_state(old_state, crtc, new_crtc_state, i) { - struct drm_crtc_commit *commit = new_crtc_state->commit; + struct drm_crtc_commit *commit; int ret; + new_crtc_state = drm_atomic_get_crtc_state(old_state, crtc); + commit = new_crtc_state->commit; if (!commit) continue; -- 2.7.4 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
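Review bot: The result of drm_atomic_get_crtc_state() is dereferenced unchecked at `commit = new_crtc_state->commit;` in the loop body. That helper reports failure as an ERR_PTR-encoded error rather than a valid state, so the added line can dereference an error pointer. Since drm_atomic_helper_wait_for_flip_done() returns void and cannot propagate the error, add a guard such as `if (IS_ERR(new_crtc_state)) continue;` (optionally with a WARN) before reading ->commit. The assignment also overwrites the new_crtc_state that for_each_new_crtc_in_state() already supplies for this iteration, and the commit message does not explain which path frees the state or why the iterator's pointer would be stale here. Describing that path would show whether re-fetching the state addresses the KASAN report or only masks it.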